Data breach in SteemConnect - revoke access for your safety - Utopian hacked?
I've been seeing several discord servers mentioning a data breach in SteemConnect.
For now it's best to revoke all tokens and remove all authorizations to all apps. Head over to
https://v2.steemconnect.com/apps/authorized
Better safe than sorry. Further information will surface later.
Update: it seems Utopian got hacked, don't panic, funds are safe, only posting
darnation.
Luckily, I just checked and it turns out I never gave an OAuth token to anyone. I just always log in manually when I use the services XD
Hope they figure out what happened and which app went rogue.
I've seen several different posts and some of them are suggesting a data breach on Steemconnect's side, while other's suggest one of the apps lots of people have Authorized to post on their behalf went rogue and to disconnect all the tokens till they find out which one.
Cool, An AI bot upvoted me !
This is good, If the AI like me, I might have a better chance of surviving the future AI Uprising ! XD
Got a link to something official? I'd hope Steemit Inc would be looking out for us
@steevc Discord is going nuts. I updated the post, it seems Utopian got hacked. They store the tokens in their database :-s That sounds like a really bad design...
Doesn't look like I have a token for them, but thanks anyway
This is the result of greedy people... They leak tokens and use them to get profits and damage others. Hope that with this stab in the back utopian will put some encryption to the tokens saved in their database and block the access to their team to these sensitive data.
As others have mentioned elsewhere if you are especially concerned about your account you may also seek to update your master keys to revoke any prior keys that were being used.
While revoking your apps' authorizations will stop those apps from being able to use your account it will not solve the problem if SteemConnect as a platform has been compromised. In addition if the SteemConnect platform is compromised you may be offering your Active or Master key to the hacker by signing in with it.
Please note that this would be near worse case situation but is still a potential threat scenario. Please use your own best judgement with protecting your account's access. I'm certain more official word will be coming today.
[Just seen @jefpatat's update about Utopian message. Please disregard my message if this is simply a token leak.]
It is not steemconnect that has been hacked but utopian-io... And saying hacked is not a very precise word because the problem was from inside the platform.... Some tokens had been leaked from the inside of utopian-io and with that someone got the control of few keys to downvote or upvote some posts without their consensus. No danger on your wallets but it is for sure a good thing to revoke your tokens from all platforms and change your password. This was in short the last update given by utopian-io. Utopian-io blocked this process and revoked all posting tokens so now everything should be safe. They are investigating on who did this action of leaking tokens and will work on some safety measures to protect all tokens stored in their database. This stab was kind of needed so that they increase safety from the inside